I'm trying to make an AJAX POST Request from my iOS (Cordova) App. The API URL has a secure certificate on www.myDomain.ch but not without www.
When I test the Request with a tool everything works. I also tried it in a React test application, and it worked.
Only from my iOS App the Request causes in a 403 error. I've tried it with jQuery Ajax, fetch and axios. The Backend also has CORS enabled.
My AJAX call looks like:
$.ajax({
url: 'myurl',
data: JSON.stringify(dataObject),
method: 'POST',
dataType: 'json',
success: function(data) {
console.log('success', data);
},
error: function(err) {
console.log('error', err);
}
});
Requires iOS a special https certificate or is there something I have to add in the Request Header?
You probably need to declare the domain in your plist file for your app to meet iOS App Transport Security requirements. See this link:
App Transport Security
Related
I need to make a request from my localhosted nodejs/express js client to a 3rd party API that I hosted on the cloud. However each time I am trying I get a cors error. Curiously It works when I do the same request from postman but not from localhost with my nodejs app.
$.ajax({
type: "POST",
url: url,
data: file,
processData: false,
contentType: false,
})
Any suggestion ?
Use a proxy to avoid CORS errors.get reference of this https://github.com/Rob--W/cors-anywhere/issues/301 it might help you out
I'm working with an endpoint that seems to be built on Django.
Attempting to setup basic aJax communication to it via POST I wrote:
jQuery.ajax({
type: "POST",
url: "http://API-ENDPOINT-URL",
data: "",
dataType: "json",
crossDomain: false,
beforeSend: function(xhr){
xhr.withCredentials = false;
xhr.setRequestHeader('Authorization', 'Token <TOKEN THAT I WAS PROVIDED>' );
},
success: function(results)
{
reqListener(results)
}
});
With those code a few things happened:
I first got a CORS error since I'm trying to build on my local server. I installed this chrome extension to bypass it. (I have no access to the server to enable CORS)
2.I get this error in the console:
XMLHttpRequest cannot load http://API-ENDPOINT-URL. Response for
preflight has invalid HTTP status code 401
looking at the Chrome console for the network request I see this comes back:
{"detail":"Authentication credentials were not provided."}
What am I missing? Am I incorrectly sending the authentication token?
Doing token auth via Javascript without CORS enabled is a suicide mission.
Do yourself a favor like I did and just do it via server side.
I am using jQuery ajax to send request to some API. Due to the CORS policy I got a CORS error on the browser's console
Here's by code
$.ajax({
url: sendHere,//api url
type: 'GET',
contentType: 'text/plain',
crossDomain: true,
beforeSend: function(xhr){
xhr.withCredentials = true;
},
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Error
'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.mywebsite.com' is therefore not allowed access.
I tried to solve this problem by installing a chrome extension to enable allow cross origin request. This extension somehow solved my problem and got a response from the api. But installing an extension is not good.
I also tried to make the request with JSONP(dataType:'jsonp') but the response given by the api is not in json format, it is string so it gives an error.
Code with JSONP
$.ajax({
url: sendHere,//api url
type: 'GET',
crossDomain: true,
dataType:'jsonp',
}).done(function (result) {
console.log(result);
}).error(function (err) {
//console.log(err);
});
Uncaught ReferenceError: E0002 is not defined
where "E0002" is the response string from the api
!!!PLEASE HELP!!!
There are 2 situations -
If you have control over the api code then
make changes in header and add your origin as well.
If you don't have control to change CORS header that is coming from
the api
you have only one option create a backend code(your own api) in any language you prefer that make an http request and get the data. now use your own api to get data on your frontend.
The cors error is cross origin request policy maintained by the browser for security.
To solve your problem either you will have to allow cors request in your server coding or if you do not have access to the server api code you will have to make the api call from your server to api server
I am trying to set up a client script to make an ajax call to a web service on a different domain, to make things more complicated the web service is HTTPS. The service is MVC4 WebApi (REST). The client script is also running from a HTTPS domain. I am getting an "Access is denied" error when I try to make the call. For example, I have a script running at https://domain_a.com/clientpage/script.js and making a call to https://domain_b.com/serviceapi/method/, the ajax error callback reports the Access is Denied error. I took this exact scenario and tested without SSL in the mix, so http to http, and then the ajax call works fine, I also set $.support.cors = true, and also tried crossDomain: true in the ajax options. Is this supposed to work with https, am I missing something, or will this simply not work? Any suggestions?
Here is a sample of my ajax call:
$.support.cors = true;
$.ajax({
url: requestURL,
crossDomain: true,
type: "GET",
headers: { "Authentication": "user#domain.com:" + hashcode },
data: "{}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (data) {
alert("call succeeded");
},
error: function (response) {
alert("call failed");
}
});
jQuery version: 1.10.2
browser: IE9 (hoping this can work with multiple browsers: chrome, firefox, safari)
web service: MVC4 WebAPI .NET 4.5
UPDATE:
I did some more testing and ruled out the web service as the issue, it appears to be an issue with the underlying xmlhttprequest object or the browser. I ran fiddler while testing the https to https scenario (fiddler is set to decrypt https traffic and I tested this) and there is no traffic whatsoever when I try to make the ajax call and it fails. That leads me to believe its the browser. Here's the list of scenarios I tested and the result:
http to http, same domains: success
http to http, different domains: success
https to https, same domains: success
https to https, different domains: fails. <<-- I would expect this to be one of the most common scenarios for web service usage, some ISV makes a service available to customers who call it from a different domain, and they want to use SSL.
Sometimes when developing in a development environment, most companies don't dish out the money for a ssl cert and use a self signed cert which can cause the browser to throw up the big red screen that says warning and you have to continue. In Chrome i know when you do this kind of stuff using an iframe, it crashes the iframe window unless i accept the cert during that session.
With that said, are you sure that domain_b.com has a valid ssl cert? if not have you accepted the SSL cert in your browser session? You can test this by manually copying the URL from the ajax call, paste it in the window and visit it. Once you accept the cert, it should start working.
You may see an image like this:
If so, click Proceed anyway
I didn't directly solve the issue of calling cross-domain on https, however I did come up with a workaround that was acceptable in my situation: Instead of attempting to call cross-domain directly from the client I built a web service that sits between the client and server on the other domain. The web service is on the same domain as the client and so the client can call this service without any trouble. The web service then uses standard HTTP communications to send requests to the remote server and accept responses, the responses are then returned back to the client. Basically the local web service acts like a sort of proxy between the clients and remote server.
Context
I'm trying to get an Access Token from the Flickr API using their their OAuth specification.
The first step to get an Access Token is to obtain a Request Token. I successfully manage to generate a correctly signed and valid URL to request this token: when I copy/paste the generated URL in my browser, I get the correct response.
Problem
As this part doesn't concern the user, I'm trying to get the Request Token by making a simple Ajax call:
console.log(baseURL + "?" + requestURL);
// When I copy/paste the log result in my browser, it works.
$.ajax({
url: baseURL,
type: 'GET',
data: requestURL,
done: function(data) {
console.log('Request Token data', data);
}
});
The problem is that I get an Access-Control-Allow-Origin issue:
XMLHttpRequest cannot load http://www.flickr.com/...
Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
I've tried using dataType: 'jsonp' as a parameter of the Ajax call without any success:
GET http://www.flickr.com/... 401 (Unauthorized)
Any ideas? Thank you very much in advance for your help!
It is not possible to implement Oauth 1.0 through just javascript without any server side script. Since the flickr's new authentication process is based on Oauth 1.0a. You got to use a server-side script.